1) Information on the collection of personal data
a) The following will tell you how and why we collect your personal data when you visit our website. ‘Personal data’ means data that can be used to identify you personally, such as your name, address, email addresses, and user behaviour.
b) For the purposes of Art. 4(7) of the General Data Protection Regulation (GDPR), the controller is EppsteinFOILS GmbH, Burgstraße 81–83 in D-65817 Eppstein (see our legal notice). You can contact our data protection officer under firstname.lastname@example.org or our postal address with the addition ‘for the data protection officer’.
c) If you contact us via email or a contact form, we will process the data you disclose (your email address, your name, and possibly your telephone number) to answer your inquiries. We will erase the data accumulated in this way after we no longer need to store them, or will limit their processing if we are obligated to retain them by law.
d) If we use commissioned service providers to perform individual functions of our range of services or wish to use your data for advertising purposes, we will inform you about the respective procedures in detail below. To that end, we will also disclose the established criteria for the retention period.
2) Your rights
a) You have the following rights toward us regarding the personal data concerning you:
Right of access to information,
Right to rectification or erasure,
Right to restriction of processing,
Right to object to the processing,
Right to data portability.
b) You may also lodge a complaint with a data protection supervisory authority about our processing of your personal data.
3) The collection of personal data during visits to our website
a) If you are using our website for informational purposes only (meaning you are not transmitting other information), we will collect only the personal data that your browser transmits to our server. If you wish to peruse our website, we will collect the following data, which we need in order to display our website for you and ensure its stability and security (this is legally based on Art. 6(1)(1)(f) GDPR):
Date and time of the inquiry
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific site)
Access status / HTTP status code
the respective amount of data transmitted
Website from which the request comes
Operating system and its surface
Language and version of the browser software.
b)Besides the aforementioned data, cookies will be stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive allocated to the browser you are using, and which send certain information to the party (in this case, us) who set the cookie. Cookies cannot run any programmes or transfer viruses to your computer. They serve to make our internet services more user-friendly and effective. Using these cookies is also legally based on Art. 6(1)(1)(f) GDPR.
a) This website uses the following types of cookies, whose scope and functionality are explained in the following:
Transient cookies (see b)
Persistent cookies (see c).
b) Transient cookies are erased automatically if you close the browser. These especially include session cookies. Those store a ‘session ID’ with which various inquiries of your browser can be allocated to the joint session. This allows us to recognise your computer if your return to our website. The session cookies are erased if you log out or close your browser.
c) Persistent cookies are erased automatically after a prescribed duration that can vary depending on the cookie. You can delete the cookies in your browser’s security settings at any time.
You can configure your browser settings as you desire: to reject third-party cookies or all cookies, for example. But doing so might prevent you from using all of this website’s functions.
5) Objecting to the processing of your data; Withdrawal of consent
a) If you have granted consent to have your data processed, you may withdraw it at any time. Such a withdrawal influences the permissibility of the processing of your personal data after you have declared it to us.
b) Insofar as we base the processing of your personal data on a weighing of interests, you may lodge an objection against that processing. This is the case in particular (but not exclusively) if the processing is not needed to fulfil a contract with you, which we present in the following description of the functions. If you make such an objection, please tell us why we should not process your personal data as we are doing. If you have a justified objection, we will examine the circumstances and will either stop processing the data, adjust its processing, or show you our compulsory legitimate reasons why we must continue the processing.
c) Obviously, you can object to our processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to processing for advertising purposes under the following contact data: EppsteinFOILS GmbH, Burgstraße 81 – 83 in D-65817 Eppstein (see our legal notice).
6) Use of Google Analytics
b) This makes Google the processor for the purposes of Art. 4(8) GDPR; an appropriate contract on commissioned processing was entered into in accordance with Art. 28(3) GDPR.
c) The IP address your browser transmits as part of Google Analytics will not be added to other Google data.
d) You can prevent cookies from being placed by changing your browser settings appropriately, but doing so might prevent you from using all of this website’s functions to their full extent. You can also prevent Google from collecting and processing the data the cookie generates about your use of the website (including your IP address) by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
e) This website uses Google Analytics with the extension ‘_anonymizeIp()’. This means your IP address will be further processed in truncated form and cannot be used to identify you personally. If the data collected about you can be used to identify you personally, this will be ruled out immediately and the personal data erased without undue delay.
f) We use Google Analytics to analyse the use of our website and periodically improve it. We can use the statistics gained to improve our services and make them more interesting for you as a user.
g) Data transmission is currently based on the standard contract clauses (SCCs) provided by Google. We reserve the right to deactivate Google Analytics if a court or supervisory authority rules that those SCCs do not comply with data privacy law.
h) This website also uses Google Analytics to analyse the visits to multiple devices made with the same user ID. You can deactivate the analysis of your use across multiple devices in your customer account under ‘my data’ > ‘personal data’.
7) Use of reCAPTCHA
a) To protect the input forms on our website, we use the service ‘reCAPTCHA’ of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, (‘Google’). By using this service, we can tell whether the input in question was entered by a person or occurred abusively through automated processing.
b) To the best of our knowledge, the referrer URL, IP address, behaviour of the website visitors, information on the operating system, browser and length of visit, cookies, instructions on presentation, scripts, the user’s input behaviour, and mouse movements are transmitted to Google in the area of the ‘reCAPTCHA’ checkbox.
c) Google uses the information so obtained to digitise books and other printed matter, optimise services such as Google Street View and Google Maps (to identify house numbers and street names, for example) and for other purposes.
d) The IP address your browser transmits as part of ‘reCAPTCHA’ will not be added to other Google data unless you are logged into your Google account when you use the ‘reCAPTCHA’ plug-in. If you wish to prevent data about you and your behaviour on our website from being transmitted to Google and stored, you must log out of ‘Google’ before you visit our site or use the reCAPTCHA plug-in.
e) Data transmission is currently based on the standard contract clauses (SCCs) provided by Google. We reserve the right to deactivate Google Maps if a court or supervisory authority rules that those SCCs do not comply with data privacy law.
f) Any use of the information obtained by using the service ‘reCAPTCHA’ will comply with the Google Usage Conditions: https://policies.google.com/privacy?hl=en&gl=en
8) Use of Cloudflare
b) Cloudflare processes only the data controlled by website operators. Under certain circumstances, Cloudflare collects certain information on the use of our website and processes data that was sent by us or data for which Cloudflare has received appropriate instructions. In most cases, Cloudflare receives data such as contact information, IP addresses, security fingerprints, DNS logging data, and performance data for websites that are derived from browser activities. Logging data helps Cloudflare identify new threats, for example. This allows Cloudflare to ensure a high level of security for our website.
c) Cloudflare processes those data within the scope of the services while complying with applicable laws. The data are processed mainly in the USA and the European Economic Area. The data transmission is currently based on the standard contract clauses (SCCs) provided by Cloudflare. We reserve the right to deactivate Cloudflare if a court or supervisory authority rules that those SCCs do not comply with data privacy law.
d) For security reasons, Cloudflare uses the Cookie (__cfduid) to identify individual users who are sharing an IP address and apply security settings for each individual user. This cookie is very useful, for example, if you use our website from a place in which a series of infected computers is located. But we can use the cookie to recognise whether your computer is trustworthy. This means you can surf our website unhindered even if there are infected PCs in your environment. It’s important to know that this cookie stores no personal data. This cookie is absolutely necessary for the Cloudflare security function and cannot be deactivated. Details on the cookie __cfduid:
Duration: 1 year
Use: Individual security settings for each visitor
Exemplary value: d798bf7df9c1ad5b7583eda5cc5e78331600668819
e) The retention period for data at the user level for domains in the Free, Pro, and Business versions for less than 24 hours. For Enterprise Domains that have activated the Cloudflare logs (formerly Enterprise LogShare or ELS), data can be stored up to 7 days. If IP addresses trigger security warnings with Cloudflare, however, there can be exceptions to the aforementioned storage period. In these cases, the data logs are kept only as long a necessary and deleted within 24 hours. Cloudflare doesn’t store any personal data either, such as your IP address. However, Cloudflare does store some information as part of its permanent logs to improve Cloudflare Resolver’s overall performance and identify any security risks. You can read which permanent logs are stored by consulting https://www.cloudflare.com/application/privacypolicy/. Personal data will be removed from any data that Cloudflare temporarily or permanently collects. Cloudflare will also anonymise all permanent logs.
f) You can also prevent Cloudflare from collecting and processing your data entirely by deactivating script code in your browser or embedding a script blocker in your browser.
g) You can find more information on data privacy by Cloudflare at https://www.cloudflare.com/privacypolicy/
9) Use of Klaro Consent Manager
a) Our website uses cookie consent technology from Klaro, a free open source tool, to obtain your consent to have certain cookies stored in your browser and document that consent in compliance with data protection regulations. That technology is provided by KIProtect GmbH, Bismarckstr. 10–12, 10625 Berlin (‘Klaro’).
c) The Klaro cookie consent technology is used to obtain the legally prescribed consents for using cookies. This is legally based on Art. 6(1)(1)(c) GDPR.
10) Applications / job advertisements
We will collect and process your application data electronically in order to process the application. If your application results in the formation of an employment contract, we may store your transmitted data in your personnel file for the purposes of the typical organisational and administrative processes while observing the relevant legal requirements.
If your job application is rejected, the data you have transmitted will be erased automatically two months after we announce that rejection. This does not apply if longer storage is required by law (such as the burden of proof under the General Equal Treatment Act (AGG)) or if you have consented to longer storage in our database of prospective hires. You can transmit you application documents to us in encrypted form. To that end, you can use the free encryption of a ZIP file and disclose the password to us separately over the phone. If you have questions, please call us at 06198/572-242.